changeset 25195:4e624cc0c4a5

Jabber BOSH: memory management fixes * jabber_process_packet might free the packet. * logic in a g_return_if_fail was backward * copy the node when putting it into the BOSH node (double free)
author Paul Aurich <paul@darkrain42.org>
date Sun, 18 Jan 2009 04:13:39 +0000
parents b78c8ab5de2b
children 1d1d1829de11
files libpurple/protocols/jabber/bosh.c
diffstat 1 files changed, 13 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/libpurple/protocols/jabber/bosh.c	Sun Jan 18 04:11:15 2009 +0000
+++ b/libpurple/protocols/jabber/bosh.c	Sun Jan 18 04:13:39 2009 +0000
@@ -278,22 +278,25 @@
 
 	child = node->child;
 	while (child != NULL) {
+		/* jabber_process_packet might free child */
+		xmlnode *next = child->next;
 		if (child->type == XMLNODE_TYPE_TAG) {
-			xmlnode *session = NULL;
-			if (!strcmp(child->name, "iq")) session = xmlnode_get_child(child, "session");
-			if (session) {
-				conn->ready = TRUE;
+			if (!strcmp(child->name, "iq")) {
+				if (xmlnode_get_child(child, "session"))
+					conn->ready = TRUE;
 			}
+
 			jabber_process_packet(js, &child);
 		}
-		child = child->next;
+
+		child = next;
 	}
 }
 
 static void auth_response_cb(PurpleBOSHConnection *conn, xmlnode *node) {
 	xmlnode *child;
 
-	g_return_if_fail(node == NULL);
+	g_return_if_fail(node != NULL);
 	if (jabber_bosh_connection_error_check(conn, node))
 		return;
 
@@ -414,8 +417,10 @@
 	xmlnode_set_attrib(packet, "rid", rid);
 	
 	if (node) {
-		xmlnode_insert_child(packet, node);
-		if (conn->ready == TRUE) xmlnode_set_attrib(node, "xmlns", "jabber:client");
+		xmlnode *copy = xmlnode_copy(node);
+		xmlnode_insert_child(packet, copy);
+		if (conn->ready == TRUE)
+			xmlnode_set_attrib(copy, "xmlns", "jabber:client");
 	}
 	jabber_bosh_connection_send_native(conn, packet);
 	xmlnode_free(packet);